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10 BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The present invention relates to the field of content protection. More 
S5 specifically, the present invention addresses the generation of pseudo random 

L 15 numbers for use in a symmetric ciphering/deciphering process based authentication 
f: process for authenticating video receiving devices. 

C 2. Background Information 

In general, entertainment, education, art, and so forth (hereinafter collectively 
20 referred to as "content") packaged in digital form offer higher audio and video quality 
than their analog counterparts. However, content producers, especially those in the 
entertainment industry, are still reluctant in totally embracing the digital form. The 
primary reason being digital contents are particularly vulnerable to pirating. As 
unlike the analog form, where some amount of quality degradation generally occurs 
25 with each copying, a pirated copy of digital content is virtually as good as the "gold 
master". As a result, much effort have been spent by the industry in developing and 
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adopting techniques to provide protection to the distribution and rendering of digital 
content. 

Historically, the communication interface between a video source device 
(such as a personal computer) and a video sink device (such as a monitor) Is an 
analog interface. Thus, very little focus has been given to providing protection for 
the transmission between the source and sink devices. With advances in integrated 
circuit and other related technologies, a new type of digital interface between video 
source and sink devices is emerging. The availability of this type of new digital 
interface presents yet another new challenge to protecting digital video content. 
While in general, there is a large body of cipher technology known, the operating 
characteristics such as the volume of the data, its streaming nature, the bit rate and 
so forth, as well as the location of intelligence, typically in the source device and not 
the sink device, present a unique set of challenges, requiring a new and novel 
solution. Parent applications number 09/385,590 and 09/385,592 disclosed various 
protocol and cipher/deciphering techniques to authenticate a video sink device and 
protect transmission to the video sink device. Pseudo random numbers are 
employed as seed or basis numbers for the ciphering/deciphering process. 

As technology advances, it is desired to selectively allow certain video sink 
devices to make authorized copies of the protected video. According, a method and 
apparatus to protect the provision of copy control information is desired. 
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BRIEF DESCRIPTION OF DRAWINGS 

The present invention will be described by way of exemplary embodiments, 
but not limitations, illustrated in the accompanying drawings in which like references 
5 denote similar elements, and in which: 

Figure 1 illustrates an example video source device and an example video 
sink device incorporated with the teachings of the present invention, in accordance 
with one embodiment; 

Figure 2 illustrates an overview of the method of the present invention for 
10 protecting video provided by video source device to video recording device, in 
accordance with one embodiment; 

Figures 3a-3b illustrate the symmetric ciphering/deciphering process in 
further detail, in accordance with one embodiment; 

Figure 4 illustrates an overview oftlie metfiod of the present invention for 
1 5 protecting copy control information provided by video source device to video 
recording device, in accordance witti one embodiment; 

Figure 5 illustrates an example combined block/stream cipher unit of Fig- 1 in 
further detail, in accordance with one embodiment; 

Figure 6 illustrates the block key section of Fig. 4 in further detail, in 
20 accordance with one embodiment; and 

Figure 7 illustrates the block data section of Fig- 4 in further detail, in 
accordance with one embodiment. 
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DETAILED DESCRIPTION OF THE INVENTION 



In the following description, various aspects of the present invention will be 
described, and various details will be set forth in order to provide a thorough 
understanding of the present invention. However, it will be apparent to those skilled 
in the art that the present invention may be practiced with only some or all aspects of 
the present invention, and the present invention may be practiced without the specific 
details. In other instances, well known features are omitted or simplified in order not 
to obscure the present invention. 

Various operations will be described as multiple discrete steps performed in 
turn in a manner that is most helpful in understanding the present invention. 
However, the order of description should not be constmed as to imply that these 
operations are necessarily performed in the order they are presented, or even order 
dependent. Lastly, repeated usage of the phrase "in one embodiment" does not 
necessarily refer to the same embodiment, although it may. 

Referring now to Figure 1, wherein a blocfi diagram illustrating an example 
video source device incorporated with the teachings of the present invention, in 
accordance with one embodiment, is shown. As illustrated, video source device 102, 
incorporated with the teachings of the present invention, and video sink or recording 
device 104 are coupled to each other via digital video link 106. Video source device 
102 includes authentication unit 108 and video hardware interface 110, sharing 
cipher unit 112. While not detailed, video sink/recording device 104 is also similarly 
constituted with its own authentication unit, hardware interface and cipher unit. 
Video source device 102, using authentication unit 108, authenticates video 
sink/recording device 104. Authentication unit 108 employs an authentication 
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'^1 



. process that is based on a symmetric ciphering/deciphering process, requiring a 
seed or basis value to be provided by auttientication unit 108. The seed or basis 
value is a pseudo random number. Upon authenticating video sink/recording device 
104, video source device 102 generates and provides video content to video 
5 sink/recording device 104 through video hardware interface 110, which ciphers 
video content before transmission to protect the video content from unauthorized 
copying. Video hardware interface 110 ciphers the video content using ciphering 
bits generated by cipher unit 1 12. In accordance with the present invention, video 
source device 102 also provides copy control information to video sink/recording 
1 0 device 104 to specifically authorize and control copying or recording of the video 
I content provided. Further, video source device 102 also protects these copy control 

% information to prevent their tampering. As will be described in more detail below, 

J video source device 102 advantageously protects these copy control information by 
5 coupling or tying them to the symmetric ciphering and deciphering process 

. 15 employed to protect the video content As a result, the copy control information can 
] not be tampered with, as tampering with the copy control information will cause 

f video sink/recording device 104 to be unable to decipher the ciphered video. 

I The exact nature of these copy control information is application dependent 

and of no particular relevance to the practice of the present invention. Similarly, the 
20 communication interface employed (not shown) as well as the communication 
protocol employed by video source device 102 to convey the copy control 
information to video sink/recording device is also of no particular relevance to the 
practice of the present invention. Any communication link and protocol known in the 
art may be employed. 
25 Except for the teachings of the present invention incorporated, to be 

described more fully below, video source device 102 is intended to represent a 
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broad range of digital devices known in the art, including but not limited to 
computers of all sizes (from palm size device to desktop device, and beyond), set- 
up boxes, or DVD players. Examples of video recording devices include but are not 
limited to computing devices with storage medium, "digital VCR" and the like. As to 
digital video link 106, it may be implemented in any one of a number of mechanical 
and electrical forms, as long as they are consistent with the operating requirement 
f/.e. speed, bit rate and so forth), and a mechanism (which may be in hardware or 
through protocol) is provided to allow control information to be exchanged between 
video source and sink/recording devices 102 and 104. 

Before proceeding to describe the present invention in further detail, it should 
be noted that video sink/recording device 104 may also be disposed "behind" a 
video signal repeater device, repeating signals for the "remotely" disposed video 
sink/recording device 104, as opposed to being directly coupled to video source 
device 102 as illustrated. 

Figure 2 illustrates an overview of the symmetric ciphering/deciphering 
process based method for providing video content from a source device to a 
sink/recording device, in accordance with one embodiment. In this embodiment, 
source and sink/recording devices 102 and 104 are assumed to have each been 
provided with an array of private keys and a complementary identifier by a 
certification authority. As illustrated, upon power on or reset, source device 102 first 
provides a basis value to the symmetric ciphering/deciphering process to 
sink/device device 104 (block 202). For the illustrated embodiment, the basis value 
is a random number (AJ. A^, may be generated in any one of a number of 
techniques known in the art. Additionally, source device 102 also provides a 
selected one of its device keys (AkgJ to sink/recording device 104 (block 202). In 
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response, sink/recording device 104 replies with a selected one of its device keys 
(BkgJ (block 203). Upon exchanging the above information, source and 
sink/recording devices 102 and 104 independently generate their respective copies 
of an authentication key (K^) using Akgv and Bk^^ (block 204 and 205), For the 
5 illustrated embodiment, source device 102 generates its copy of K^, by summing 
private keys of its provided array indexed by Bkg^, while sink/recorder device 104 
generates its copy of Km by summing private keys of its provided array indexed by 
Akg^. At this time, if both source and sink devices 102 and 104 are authorized 
devices, they both possess and share a common secret authentication key K^. 
10 In one embodiment, each of source and sink/recording devices 102 and 104 

IS is pre-provided with an array of 40 56-bit private keys by the certification authority. 

k3 Ap is a 64"bit random number, and is 56-bit long. For more information on the 

% above described authentication process, see co-pending U.S. Patent Application, 

f serial number 09/275,722, filed on March 24, 1999, entitled Method and Apparatus 
J^, 15 for the Generation of Cryptographic Keys, having common inventorship as well as 

assignee with the present application. 
O Having authenticated sink/recording device 104, source device 102 ciphers 

0 video content into a ciphered form before transmitting the video content to sink 

device 104. Source device 102 ciphers the video content employing a symmetric 
20 ciphering/deciphering process, and using the random number (AJ as well as the 
independently generated authentication key (K^) (block 206). Upon receipt of the 
video content in ciphered form, sink/recording device 104 deciphers the ciphered 
video content employing the same symmetric ciphering/deciphering processing, and 
using the provided A^ as well as its independently generated copy of K^ (block 207). 
25 In accordance with the present invention, as an integral part of ciphering 

video content, source device 102 derives a set of verification reference values in a 
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predetermined manner (block 208), Likewise, as an integral part of symmetrically 
deciphering video content sink/reording device 104 also derives a set of verification 
values in a predetermined manner, and transmits these derived verification values to 
source device 102 (block 209). Upon receiving each of these verification values, 
5 source device 102 compares the received verification value to the corresponding 
one of the verification reference values to determine and confirm that indeed the 
ciphered video content is being properly deciphered by sink/recording device 104 
(block 210). 

For the illustrated embodiment, both source and sink/recording devices 102 
10 and 104 generate the verification reference and verification values continuously, but 
the verification values are provided from sink/recording device 104 to source device 
102 periodically at predetermined intervals. 

In one embodiment, the verification reference and verification values are all 
64-bits in length, and sink/recording device 104 provides source device 102 with 
15 verification values at initialization and every 64^^ frames thereafter. 

Figures 3a-3b illustrate the symmetric ciphering/deciphering process in 
further detail, in accordance with one embodiment. In this embodiment, the video 
content is assumed to be a multi-frame video content with each frame having 

20 multiple lines of video content. In between two lines of a frame is an interval to allow 
a sink device to horizontally "retrace" itself, commonly known as the horizontal 
retrace interval or horizontal blanking interval (HBI). Likewise, in between two 
frames is an interval to allow a sink device to vertically "retrace" itself, commonly 
known as the vertical retrace interval or vertical blanking interval (VBI). 

25 Source device 102 first generates a session key (Kg) for the transmission 

session (block 302). For the illustrated embodiment, Kg is generated by block 



Faber et al.-M&A For 

Protecting Copy Control Information . 



Express No: EL034434085US 
ATA/mjt 



Attorney Docket Ref: 42390.P8384 



ciphering the above mentioned random number using the authentication key K^^ 
as the block cipher key and applying C1 clocks. The duration of a transmission 
session is application dependent. Typically, it corresponds to a natural demarcation 
of the video content, e.g. the transmission of a single movie may constitute a 
5 transmission session, or the transmission of an episode of a sitcom may constitute a 
transmission session instead. 

Upon generating the session key Kg, source device 102 generates an initial 
version of a second random number (IVIo) (block 304). For the illustrated 
embodiment, source device 102 first generates a pseudo random bit sequence (at 

10 p-bit per clock) using a stream cipher with the above described random number 
and the session key Kg (in two roles, as another input random number and as the 
stream cipher key), applying C2 clocks. Source device 102 derives Mq from the 
pseudo random bit sequence, as the bit sequence is generated. 

Next, source device 102 generates a frame key (Kj) for the next frame (block 

15 306). For the illustrated embodiment, Kj is generated by block ciphering an 

immediately preceding version of the second random number Mj-I using the session 
key Kg as the block cipher key, and applying C3 clocks. That is, for the first frame, 
frame-1, frame key is generated by block ciphering the above described initial 
version of the second random number Mq, using Kg, and applying C3 clocks. 

20 Additionally, this operation is subsequently repeated at each vertical blanking 
interval for the then next frame, frame-2, frame-3, and so forth. 

Upon generating the frame key Kj, source device 102 generates the current 
version of the second random number (Mj) (block 302). For the illustrated 
embodiment, source device 102 first generates a pseudo random bit sequence (at 

25 p-bit per clock) using a stream cipher with the previous version of the second 
random number M^l and the frame key Kj (in two roles, as another input random 

Faber et al. - M&A For 9 Express No: EL034434085US 

Protecting Copy Control Infornnatlon ... ATA/mjt 



Attorney Docket Ref: 42390,P8384 



number and as the stream cipher key), applying C4 clocks. Source device 102 
derives Mj from the pseudo random bit sequence, as the bit sequence is generated. 

Upon generating the current version of the second random number iVIj, 
source device 102 again generates a pseudo random bit sequence (at p-bit per 
5 clock) to cipher the frame (block 308). For the illustrated embodiment, source 
device 102 generates the pseudo random bit sequence using a stream cipher with 
an immediately preceding version of the second random number Mj-I and frame key 
Kj (in two roles, as another input random number and the stream cipher key), 
applying C5 clock cycles. The video content is ciphered by perform an exclusive- 
10 OR (XOR) operation on the video stream and the pseudo random bit sequence. 
The pseudo random bit sequence is generated preferably at a rate sufficient to 
cipher a pixel of RGB signal per clock. Therefore, C5 is equal to the number of bits 
per pixel multiply by the number of pixels per line, as well as the number of lines per 
frame. 

1 5 For the illustrated embodiment, a stream cipher that successively transforms 

Mj and Kj in the course of generating the pseudo random bit sequence is employed. 
Additionally, the robustness of the ciphered video content is further strengthened by 
increasing the unpredictability of the pseudo random bit sequence through 
successive modification of then current states of Kj at the horizontal blanking 

20 intervals of the frame (block 31 0). 

Over in sink device 104, in like manner, it first generates a session key (Kg) 
for the transmission session (block 312). Upon generating the session key Kg, sink 
device 104 generates an initial version of the second random number (Mq) (block 
314). Next, sink device 104 generates the frame key (K;) and second random 

25 number (M,) for the next frame (block 316). This operation is likewise subsequently 
repeated at each vertical blanking interval for the then next frame. In the meantime, 



Faber et al. - M&A For 1 0 Express No: EL034434085US 

Protecting Copy Control Information ... ATA/mjt 



Attorney Docket Ref: 42390.P8384 



after generation of each frame key Kj and Mj, sink device 104 generates a 
corresponding pseudo random bit sequence to decipher the frame (block 318), The 
ciphered video content is deciphered by performing an exclusive-OR (XOR) 
operation on the video stream and the corresponding pseudo random bit sequence, 
5 Sink device 104 also employs a stream cipher that successively transforms Mj and 
Kj in the course of generating the pseudo random bit sequence. Furthermore, Kj is 
successively modified at the horizontal blanking intervals of the frame (block 320). 
Kj, the pseudo random bit sequence, and Mj are symmetrically generated as earlier 
described for source device 102, 
10 In one embodiment, Kg and each Kj are both 84-bit in length. C1 and C3 are 

both 48 clocks in length. Each pixel is 24-bit, and the pseudo random bit sequence 

p is generated at 24-bit per clock. Each M; is 64-bit in length, C3 and C4 are 56 

% clocks in length. Each 64-bit Mj is formed by concatenating the "lower" 16-bit stream 

cipher output of each of the last four clocks. 
15 Accordingly, video content may be advantageously transmitted in ciphered 

f ; form with increased robustness from source device 102 to sink/recording device 104 

O thnDugh link 106 with reduced pirating risk. 

Figure 4 illustrates an overview of the method of the present invention for 
20 protecting the copy control information provided by the video source device to the 
video sink/recording device, in accordance with one embodiment For the illustrated 
embodiment it is assumed that the copy control information may be expressed as a 
bit vector of n-bits, where n is an integer. As illustrated, in accordance with the 
present invention, at power on or reset, 402, prior to the initialization of cipher unit 
25 112, video source device 102 incorporates the n-bit copy control information as an 
integral part of one the initialization values to be employed to initialize the cipher unit 
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for protecting the video content. In one embodiment, video source device 102 
incorporates tfie n-bit copy control information as an integral part of an initialization 
value to be employed to initialize a basis register of a round function oftlie block 
ciptier section of cipher unit 112, More specifically, in one embodiment, video 
5 source device 102 incorporates the n-bit copy control information as the most 

significant bits f/WSSj of the initialization value for the data section round function of 
the block cipher 

Upon receipt of the copy control information from video source device 102, 
video sink/recording device 104 would do the same thing, that is incorporating the n- 
1 0 bit copy control information into the corresponding initialization value for a 
S corresponding register of its cipher unit in like manner 

Q Thereafter, 404, video source and sink/recording device 102 and 104 would 

J; correspondingly initialize their cipher units, including the special initialization value 

^ (incorporated with the copy control information) among the initialization values to be 

1 5 employed. Accordingly, the copy control information affects the pseudo random 
sequence subsequently generated by cipher unit 112, and employed to cipher video 
O content as earlier described. In like manner, unless tampered, the corresponding 

O effects will manifest themselves in the pseudo random sequence subsequently 

generated by the cipher unit of video sink/recording device 104 to decipher the 
20 ciphered video content. 

In the event the copy control information are tampered with, the correct 
pseudo random sequence required to decipher the ciphered video content will not 
be produced, and as a result, the video content will not be available for copy. 

Thus, in can be seen from the foregoing, the copy control information are 
25 protected from tampering, 
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Figure 5 illustrates an example combined block/stream cipher suitable for 
use to practice the present invention, in accordance with one embodiment. As 
illustrated, combined block/stream cipher 112 includes block key section 502, data 
section 504, stream key section 506, and mapping section 508, coupled to one 
5 another as shown. Block key section 502 and data section 504 are employed in 
both the block mode as well as the stream mode of operation, whereas stream key 
section 506 and mapping section 508 are employed only in the stream mode of 
operation. 

Briefly, in block mode, block key section 502 is provided with a block cipher 
10 key, such as the earlier described authentication key or the session key K^; 
whereas data section 504 is provided with the plain text, such as the earlier 
described random number An or the derived random number M-L "Rekeying 
enable" signal is set to a "disabled" state, operatively de-coupling block key section 
502 from stream key section 506. During each clock cycle, the block cipher key as 
15 well as the plain text are transformed. The block cipher key is independently 
transformed, whereas transformation of the plain text is dependent on the 
transformation being performed on the block cipher key. After a desired number of 
clock cycles, the provided plain text is transformed into ciphered text. For the earlier 
described video content protection method, when block key section 502 is provided 
20 with and data section 504 is provided with the A^, ciphered A^ is read out and 
used as the session keyg. When block key section 502 is provided with Kg and data 
section 504 is provided with the Mj-1 , ciphered Mj-I is read out and used as the 
frame key Kj. 

To decipher the ciphered plain text, block key section 502 and data section 
25 504 are used in like manner as described above to generate the intermediate 
"keys", which are stored away (in storage locations not shown). The stored 
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intermediate "keys" are then applied to tlie ciphered text in reversed order, resulting 
in the deciphering of the ciphered text back into the original plain text. Another 
approach to deciphering the ciphered text will be described after block key section 
502 and data section 504 have been further described in accordance with one 
5 embodinnent each, referencing Figs. 6-7. 

In stream mode, stream key section 506 is provided with a stream cipher key, 
such as the earlier described session key Kg or frame key Kj. Block key section 502 
and data section 504 are provided with random numbers, such as the earlier 
described session/frame keys KJK^ and the derived random numbers Mj-1. 

10 "Rekeying enable" signal is set to an "enabled" state, operatively coupling block key 
section 502 to stream key section 506. Periodically, at predetermined intervals, 
such as the earlier described horizontal blanking intervals, stream key section 506 is 
used to generate one or more data bits to dynamically modify the then current state 
of the random number stored in block data section 502. During each clock cycle, in 

15 between the predetermined intervals, both random numbers stored in block key 

section 502 and data section 504 are transformed. The random number provided to 
block key section 502 is independently transformed, whereas transformation of the 
random number provided to data section 504 is dependent on the transformation 
being performed in block key section 502. Mapping block 506 retrieves a subset 

20 each, of the newly transformed states of the two random numbers, and reduces 
them to generate one bit of the pseudo random bit sequence. Thus, in a desired 
number of clock cycles, a pseudo random bit sequence of a desired length is 
generated. 

For the illustrated embodiment, by virtue of the employment of the "rekeying 
25 enable" signal, stream key section 506 may be left operating even during the block 
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mode, as its outputs are effectively discarded by the "rekeying enable" signal (set In 
a "disabled" state). 

Figure 6 illustrates the block key section of Fig. 5 In further detail, In 
5 accordance with one embodiment. As illustrated, block key section 502 includes 
registers 602a-602c, substitution boxes 604, and linear transformation unit 606. In 
block mode, registers 602a-602c are collectively Initialized to a block cipher key, 
e.g. authentication key or session key Ks. In stream mode, registers 602a-602c 
are collectively initialized to a random number, e.g. session key Kg or frame key K|. 
10 Each round, substitution boxes 604 and linear transformation unit 606 modify the 
content of registers 602a-602c. More specifically, substitution boxes 604 receive 
!3 the content of register 602a, modify it, and then store the substituted content into 

3 register 602c. Similarly, linear transformation unit 606 receives the content of 

m registers 602b and 602c, linearly transforms them, and then correspondingly stores 
U 15 the linearly transformed content into registers 602a and 602b. 

•''Pi 

Y: Substitution boxes 604 and linear transformation unit 606 may be 

2 implemented in a variety of ways in accordance with well known cryptographic 

'3 principles. One specific implementation is given in more detail below after the 

description of Fig. 7. 

20 

Figure 7 illustrates the block data section of Fig. 5 in further detail, in 
accordance with one embodiment. For the Illustrated embodiment, data section 504 
is similarly constituted as block key section 502, except linear transformation unit 
706 also takes into consideration the content of register 602b, when transforming 
25 the contents of registers 702b-702c. In block mode, registers 702a-702c are 

collectively Initialized with the target plain text, e.g. earlier described random number 
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An or derived random number Mj-1 (incorporated with the n-bit copy control 
information). In stream mode, registers 702a-702c are collectively initialized with a 
random number. Each round, substitution boxes 704 and linear transformation unit 
706 modify the content of registers 702a-702c as described earlier for block key 
5 section 502 except for the differences noted above. 

Again, substitution boxes 604 and linear transformation unit 606 may be 
implemented in a variety of ways in accordance with well known cryptographic 
principles. 

In one implementation for the above described embodiment, each register 
10 602a, 602b, 602c, 702a, 702b, 702c is 28-bit wide. [Whenever registers 602a-602c 
or 702a-702cb collectively initialized with a key value or random number less than 
84 bits, the less than 84-bit number is initialized to the lower order bit positions with 
the higher order bit positions zero filled.] Additionally, each set of substitution boxes 
604 or 704 are constituted with seven 4 input by 4 output substitution boxes. Each 
15 linear transformation unit 606 or 706 produces 56 output values by combining 
outputs from eight diffusion networks (each producing seven outputs). More 
specifically, the operation of substitution boxes 604/704 and linear transformation 
unit 606/706 are specified by the four tables to follow. For substitution boxes 
604/704, the Ith input to box J is bit 1*7+J of register 602a/702a, and output I of box 
20 J goes to bit TZ+j of register 602c/702c. [Bit 0 is the least significant bit.] For each 
diffusion network (linear transformation unit 606 as well as 706), the inputs are 
generally labeled 10-16 and the outputs are labeled 00-06. The extra inputs for 
each diffusion network of the linear transformation unit 706 is labeled K0-K6. 
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Table I - Substitution performed by each of ttie seven constituting substitution 
boxes of substitution boxes 604/704. 
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Tables II & III - Diffusion networks for linear transformation unit 606/706 
(continued in Table IV). 
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Table IV - Diffusion networks for linear transformation unit 606/706 (continued 
from Tables II & 111). 

Referring now back to Fig. 5, recall that a ciphered text may be deciphered 
by generating the intermediate "keys" and applying them backward. Altematively, 
for an embodiment where either the inverse of substitution boxes 604/704 and linear 
transformation units 606/706 are included or they may be dynamically reconfigured 
to operate in an inverse manner, the ciphered text may be deciphered as follows. 
First, the cipher key used to cipher the plain text is loaded into block key section 
502, and block key section 502 is advanced by R-1 rounds, i.e. one round short of 
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the number of rounds (R) applied to cipher the plain text. After the initial R-1 
rounds, the ciphered text is loaded into data section 504, and both sections, block 
key section 502 and data section 504, are operated "backward", i.e. with substitution 
boxes 604/704 and linear transformation units 606/706 applying the inverse 
substitutions and linear transformations respectively. 

Other sections, such as stream key section 506 and mapping section 508, of 
the example combined block/stream cipher illustrated in Fig. 5, are of no particular 
significance to the practice of the present invention. Accordingly, they will not be 
"re-described" in detail here. These sections are described in detail in the parent 
applications. 

Accordingly, a novel method and apparatus for protecting copy control 
information provided to a video recording device has been described. 

Epilogue 

From the foregoing description, those skilled in the art will recognize that 
many other variations of the present invention are possible. Thus, the present 
invention is not limited by the details described, instead, the present invention can 
be practiced with modifications and alterations within the spirit and scope of the 
appended claims. 
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CLAIMS 

What is claimed is: 

1 1. A method comprising: 

2 a video source device providing n bits of copy control information to a video 

3 recording device; 

4 eacti of the video source and recording devices incorporating said n bits of 

5 copy control information as part of an initialization value; and 

6 each of the video source and recording devices initializing a cipher unit with 

1 7 said initialization value to practice a symmetric ciphering/deciphering process 

O 8 employed by the video source and recording devices to protect video transmitted 

2 9 from the video source device to the video recording device. 

% 1 2. The method of claim 1, wherein each of said incorporation of said n bits of 

2 copy control information as part of the initialization value by said video source and 

S 3 recording devices comprises incorporation of said n bits of copy control information 

O 4 as most significant bits of the initialization value. 

1 3. The method of claim 1, wherein each of said initialization of a cipher unit by 

2 said video source and recording devices comprises initializing a register of the 

3 cipher unit with the copy control information incorporated initialization value. 

1 4. The method of claim 3, wherein each of said initialization of a register of the 

2 cipher unit by said video source and recording devices comprises initializing a 

3 register of a round function of a block cipher 
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1 5. A video apparatus comprising: 

2 a cipher unit to generate a sequence of ciphering bits to cipher video to be 

3 transmitted by the video apparatus to a video recording device, the cipher unit 

4 including a register to be initialized with an initialization value incorporating n bits of 

5 copy control information; and 

6 a communication interface coupled to the video recording device to provide 
1 said n-bit copy control information to said video recording device. 

1 6. The video apparatus of claim 5, wherein said initialization value incorporates 
' S 2 said n bits of copy control information as its most significant bits. 

^ 1 7. The video apparatus of claim 5, wherein said cipher unit comprises a block 

'si-' 

ffi 2 cipher, and said register is a register of a round function of said block cipher 

n ^ 1 8. A video apparatus comprising: 

2 a cipher unit to generate a sequence of deciphering bits to decipher ciphered 
^ 3 video to be received from a video source device, the cipher unit including a register 

4 to be initialized with an initialization value incorporating n bits of copy control 

5 information; and 

6 a communication interface coupled to the video source device to receive said 

7 n-bit copy control information from said video source device. 

1 9. The video apparatus of claim 8, wherein said initialization value incorporates 

2 said n bits of copy control information as its most significant bits. 
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1 10. The video apparatus of claim 8, wherein said cipher unit comprises a block 

2 cipher, and said register is a register of a round function of said block cipher. 

1 11. In a video source device, a method composing: 

2 providing a video recording device with n-bits of copy control infomiation; 

3 incorporating said n-bits of copy control information as a part of an 

4 initialization value; 

5 initializing a block cipher with said initialization value; 

6 operating said block cipher to generate a key for use by a stream cipher to 

7 cipher video to be transmitted to the video recording device. 

1 12. The method of claim 1 1, wherein said incorporation of said n bits of copy 

2 control information as part of an initialization value comprises incorporation of said n 

3 bits of copy control infonvation as most significant bits of the initialization value. 

1 13. The method of claim 1 1, wherein said initialization of the block cipher unit 

2 comprises initializing a register of a round function of the block cipher 



1 14. In a video recording device, a method comprising: 

2 receiving from a video source device n-bits of copy control information; 

3 incorporating said n-bits of copy control information as a part of an 

4 initialization value; 

5 initializing a block cipher with said initialization value; 

6 operating said block cipher to generate a key for use by a stream cipher to 

7 decipher ciphered video received from the video source device. 



Faber et al. - M&A For 

Protecting Copy Control Information . 



23 



Express No: ELQ34434085US 
ATA/mjt 



Attorney Docket Ref: 42390.P8384 

1 15. The method of claim 14, wherein said incorporation of said n bits of copy 

2 control information as part of an initialization value comprises incorporation of said n 

3 bits of copy control information as most significant bits of the initialization value. 

1 16. The method of claim 14, wherein said initialization of the bloci< cipher unit 

2 comprises initializing a register of a round function of the block cipher. 




Faber et al. - M&A For 

Protecting Copy Control Information . 



24 



Express No: EL034434085US 
ATA/mjt 



Attorney Docket Ref: 42390.P8384 

ABSTRACT OF THE DISCLOSURE 

A video source device includes a cipher unit. The cipher unit includes a block 
cipher and a stream cipher The video source device uses the block cipher to 
5 generate at least one cipher key for use by the stream cipher to generate cipher bits 
for ciphering video to be transmitted to a video recording device. The video source 
device further provides n bits of copy control information to the video recording 
device. The video source device incorporates the n-bit copy control information as 
part of an initialization value, and initializes a register of a round function of the block 
10 cipher with the initialization value. The video recording device also includes a cipher 
unit of like kind, and operates the block and stream ciphers in like manner to 
O decipher the ciphered video received from the video source device. Upon receiving 
2 the n-bit copy control information, the video recording device also forms an 

m initialization value and initializes a corresponding register of the corresponding 

L 15 round function of its block cipher Accordingly, protection is provided to the copy 
y ; control information. 
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Residence ^ Citizenship 

( City , State) (Country) 

P. O. Address 
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APPENDIX A 



I hereby appoint BLAKELY, SOKOLOFF, TAYLOR & ZAFMAN LLP, a fim including: William E. Alford, 
Reg. No. 37,764; Farzad E. Amini, Reg. No. 42,261; Amy M. Armstrong, Reg. No. 42,265; Aloysins T. C. AuYeung, ' 
Reg. No. 35,432; William Thomas Babbitt, Reg. No. 39,591; Carol F. Barry, Reg. No. 41,600; Jordan Michael Becker, 
Reg. No. 39,602; Bradley J. Bereznak, Reg. No. 33,474; Michael A. Bemadicou, Reg. No. 35,934; Roger W. Blakely,'jr., 
Reg. No. 25,83 1 ; R. Alan Burnett, Reg. No. 46,149; Gregory D. Caldwell, Reg. No. 39,926; Ronald C, Card, Reg. No. 
44,587; Thomas M. Coester, Reg, No, 39,637; Donna Jo Conmgsby, Reg. No. 41,684; Michael Anthony DeSanctis, Reg. 
No. 39,957; Daniel M. De Vos, Reg. No. 37,813; Robert Andrew Diehl, Reg. No, 40,992; Matthew C. Fagan, Reg. No. 
37,542; TarekN. Fahmi, Reg. No. 41,402; George L. Fountain, Reg. No. 36,374; Paramita Ghosh, Reg. No. 42,806; James 
Y. Go, Reg. No. 40,621; James A. Henry, Reg, No. 41,064; Willmore F. Holbrow III, Reg. No. 41,845; Sheryl Sue 
Holloway, Reg. No. 37,850; George W Hoover II, Reg. No. 32,992; Eric S. Hyman, Reg. No. 30,139; William W. Kidd, 
Reg. No. 31,772; Sang Hui Kim, Reg, No. 40,450; Walter T. Kim, Reg. No. 42,731; Eric T. King, Reg. No. 44,188; Erica 
W. Kuo, Reg. No. 42,775; Joseph Lutz, Reg. No, 43,765; Michael J. Mallie, Reg. No. 36,591; Paul A. Mendonsa, Reg. 
No. 42,879; CHve D. Menezes, Reg. No. 45,493; Darren J. Milliken, Reg. No. 42,004; Chun M. Ng, Reg. No. 36878; 
Thien T, Nguyen, Reg. No. 43,835; Thmh V. Nguyen, Reg. No. 42,034; Dennis A. Nicholls, Reg. No, 42,036; Lisa A, 
Norris, Reg. No, 44,976; Daniel E, Ovanezian, Reg. No. 41,236; William F. Ryann, Reg. No. 44,313; James H. Salter, 
Reg. No. 35,668; William W, Schaal, Reg. No. 39,018; James C. Scheller, Reg. No. 31,195; Jeffrey S. Smith, Reg. No. 
39,377; Maria McCormack Sobrino, Reg. No. 31,639; Stanley W. Sokoloff, Reg. No. 25,128; Judith A. Szepesi, Reg. No. 
39,393; Vincent P. Tassinari, Reg. No. 42,179; Edwm H, Taylor, Reg, No. 25,129; Joseph A. Twarowski, Reg. No. 
42,191; Lester L Vincent, Reg, No. 31,460; Glenn E, Von Tersch, Reg. No, 41,364; John Patrick Ward, Reg. No. 40,216; 
Charles T. J. Weigell, Reg. No. 43,398; James M. Wu, Reg. No. 45,241; Steven D. Yates, Reg. No, 42,242; and Norman 
^ Zafinan, Reg, No. 26,250; my attorneys; and Andrew C. Chen, Reg. No. 43,544; Justin M. Dillon, Reg. No. 42,486; and 

John F. Travis, Reg. No. 43,203; my patent agents, of BLAKELY, SOKOLOFF, TAYLOR & ZAFMAN LLP, with 
* offices located at 12400 Wilshire Boulevard, 7th Floor, Los Angeles, California 90025, telephone (714) 557-3800, and 
m Alan K, Aldous, Reg, No. 31,905; Robert D. Anderson, Reg, No. 33,826; Joseph R. Bond, Reg. No. 36,458; Richard C. 
p Calderwood, Reg. No. 35,468; Jeffrey S, Draeger, Reg. No. 41,000; Cynthia Thomas Faatz, Reg No, 39,973; Sean 
m Fitzgerald, Reg. No, 32,027; John N. Greaves, Reg. No. 40,362; Seth Z. Kalson, Reg. No. 40,670; David J, Kaplan, Reg, 
if] 41,105; Charles A. Mirho, Reg, No. 41,199; Leo V. Novakoski, Reg, No, 37,198; Naomi Obmata, Reg. No. 39,320; 
^ Thomas C. Reynolds, Reg. No. 32,488; Kenneth M. Seddon, Reg, No, 43,105; Mark Seeley, Reg. No. 32,299; Steven P.' 
Skabrat, Reg. No. 36,279; Howard A, Skaist, Reg. No, 36,008; Steven C. Stewart, Reg, No. 33,555; Raymond J. Werner, 
' Reg. No. 34,752; Robert G. Winkle, Reg. No. 37,474; and Charles K. Young, Reg. No. 39,435; my patent attorneys, and 
Thomas Raleigh Lane, Reg, No. 42,781; Calvin E, Wells; Reg, No, P43,256, Peter Lam, Reg. No, 44,855; and Gene L Su, 
^ Reg. No. 45,140; my patent agents, of INTEL CORPORATION; and James R. Thein, Reg. No, 31,710, my patent 
y J attorney; with full power of substitution and revocation, to prosecute this appHcation and to transact all business in the 
yy Patent and Trademark Office connected herewith. 
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